Feeds

Mafia boss undone by clumsy crypto

Little Caesar

Choosing a cloud hosting partner with confidence

Clues left in the clumsily encrypted notes of a Mafia don have helped Italian investigators to track his associates and ultimately contributed to his capture after years on the run.

The recently busted Bernardo Provenzano, reputed to be the "boss of bosses" of the Sicilian Mafia, used a modified form of the Caesar cipher to obscure "sensitive information" in notes left to either his family or underlings.

According to a biography (written by Italian journalists Salvo Palazzolo and Ernesto Oliva) on bernardoprovenzano.net, the content of these notes varied from meal requests to his family to orders to his lieutenants where numbers were used to disguise people's names.

Provenzano, 73, was arrested last week in a farm close to his home town of Corleone on the Italian island of Sicily after almost 40 years on the run. He's accused of numerous homicides including the 1992 murder of two judges, a crime that earned him a life sentence in absentia. Provenzano who earned the nickname Binnu u tratturi (Binnu the tractor) because of his rep for mowing down enemies, latterly took to writing instructions incorporating basic encryption on small scraps of paper, known locally as pizzini.

The classic Caesar cipher moves every letter in the alphabet three charecters later (so A becomes D and B becomes E, etc.). The so-called Binnu code assigns a number in order to each letter in the Italian alphabet and adds three to that number in the ciphertext so that "A" is 4, "B" is 5 and so on.

The code would have been more secure if the numerical shift applied to the ciphertext was varied from time to time. As it was, the contents of messages was readily deciphered. "Looks like kindergarten cryptography to me. It will keep your kid sister out, but it won't keep the police out. But what do you expect from someone who is computer illiterate?" security guru Bruce Schneier told Discovery News.

Provenzano left school aged only eight, a factor which might explain the simplistic nature of the way sensitive messages, normally typed out on old typewriters, were encoded. The decipherment of the pizzini sent and received by Provenzano allowed police to identify his associates and ultimately contributed to investigative efforts that led to Provenzano's arrest, Discovery News reports. ®

Internet Security Threat Report 2014

More from The Register

next story
Criticism of Uber's journo-Data Analytics plan is an Attack on DIGITAL FREEDOM
First they came for Emil – and I'm damn well SPEAKING OUT
'It is comforting to know where your data centres are.' UK.GOV does NOT
Plus: Anons are 'wannabes', KKK says, before being pwned
Google's whois results say it's a lousy smut searcher
Run whois google.com or whois microsoft.com. We dare you, you PIG◙◙◙◙ER
Holy vintage vehicles! Earliest known official Batmobile goes on sale
Riddle me this: are you prepared to pay US$180k?
'Open source just means big companies can steal your code.' O RLY?
Plus: Flame of the Week returns, for one night only!
NEWSFLASH: It's time to ditch dullard Facebook chums
Everything hot in tech, courtesy of avian anchor Regina Eggbert
Hey, you, PHONE-FACE! Kickstarter in-car mobe mount will EMBED your phone into your MUG
Stick it on the steering wheel and wait for the airbag to fire
prev story

Whitepapers

10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.